Monday, December 23, 2013

Backdoor in crypto software: RSA Security Denies NSA payments - Heise Newsticker

NSA affair

The NSA, British GCHQ and other Western intelligence agencies engage in large-scale international communications from, spy companies, and government agencies and service providers undertake in secret to cooperate. Details of this total surveillance system reveal top secret documents that brought the whistleblower and former NSA analyst Edward Snowden itself and passed on to the media.

  • timeline for NSA surveillance scandal
  • The NSA scandal in the Summary
  • reports and summaries for NSA affair
  • surveillance by NSA & Co. endangers democracy
  • Why the NSA scandal concerns everyone
  • A Backdoor in BSAFE should be there, and for the controversial random number generator Dual EC DRBG be fitted as standard – and the NSA has it paid 10 million U.S. dollars to the security software maker RSA Security: At least, suggest reports that relate to new publications from the collection of documents of NSA whistleblower Edward Snowden. If this were true, this would be a serious blow to confidence in security software – and of course, particularly a severe blow to confidence in RSA Security, and for the business of the company. No wonder that RSA Security vehemently denied the allegations and to refute their own arguments trying.

    had “never a secret treaty with the NSA closed to integrate a known susceptible random number generator in the encryption libraries of BSAFE,” says RSA Security. This RSA not even denies to have cooperated with the NSA, “both as a producer and as a member of the security community.” We have thus never held behind the mountain, but this is always communicated to the public. It has always been the goal of RSA, both to strengthen the security for companies and for the government not to weaken. You’ve made the decision to use dual EC DRBG in 2004 – at that time there had been efforts in the industry to develop better encryption methods. At the time, NSA was still playing a trusted role in these efforts for stronger, not weaker encryption.

    have dual EC DRBG the algorithm is further inserted into BSAFE because he was accepted as a standard of the American National Standard Institute NIST. The first discussions about the security of the random number generator came up, they had to rely on the NIST as a referee. As the NIST then changed his assessment of the algorithm, we have also responded accordingly, emphasizes RSA Security.

    The toolkit BSAFE uses dual EC DRBG so far mainly to perform cryptographic measures. This includes, for example, to generate an RSA key. RSA Security also indicate that BSAFE is used in thousands of commercial products. Dual EC DRBG but was only one of several possible options, the users of the toolkit were always free to decide which algorithm they wanted to use, RSA now emphasizes in the Declaration on the backdoor allegations.

    The NSA has developed the random complete itself, was released through backdoor allegations. Previously it was speculated only through participation in the development by the Geheimdiuenst. In September 2013, the U.S. government agency NIST had then warned against the use of the Dual_EC_DRBG, RSA Security, followed a little later this assessment and warned even before the random number generator. Since 2007, the cryptographers speculated scene about whether dual EC DRBG is a back door.

    See also:

  • NSA paid 10 million dollars for crypto backdoor
  • NSA affair: random number generators under the magnifying glass
  • crypto strategy of the NSA is no surprise
  • (jk)

    No comments:

    Post a Comment